2016 was the year of the cyber-attack. A number of UK brands were the unfortunate victims of targeted attacks. Over the past 12 months, hackers have leaked valuable customer data, as well as breaching hundreds of thousands of accounts nationwide.
Given the rapid advancement of Internet of Things (IoT) and the increase of society becoming dependent on new types of technologies, we can only expect to uncover more calculated attacks, on a wider scale. While the threats we foresee will not cease, these are three areas we believe will be the biggest cyber security threats of 2017.
The big brother state is coming
Only recently, the UK government finally passed the Investigatory Powers Act 2016, giving web and phone companies the judicial powers to store everyone’s web browsing histories for 12 months and giving the police, security services and official agencies unprecedented access to the data.
The act also provides the security services and police with new powers to hack into computers and phones, and to collect communications data in bulk - demonstrating the first clear step in the UK of official government involvement in cyberspace piracy.
We expect to see these new powers seriously undermine public confidence in personal data privacy. This will likely have a knock on effect as we expect to see other countries follow suit and use the act to justify their own intrusive surveillance powers. We anticipate seeing a rise in collateral damage as a result of this law in 2017, amounting to unforeseen implications and consequences for all people and organisations that will rely on it.
The harsh reality for citizens and organisations alike will be felt more as authorities begin to police their corner of the internet. The understanding of what governments are able to ask for will take time to digest for all parties involved.
However, among this controversy, brands will begin to fight back. Think back to earlier last year. In the US, tech superpower Apple resisted the FBI’s demands to crack an iPhone linked to San Bernardino attacks. This battle reflects the wide issue of security measures used by companies to protect their customer base which specifically use devices, and highlights just how much leverage authorities should have to gain special access.
We are certain to see more big names battle against new legislation and governing powers to ultimately ensure that the needs of customers and their right to privacy are a priority of customer service in 2017.
Big problems arising from big data
Big data is a term we are hearing more and more frequently every day. Over the past 12 months, new and improved methods of applying analytics to data have confirmed the successful development of business processes and improved user experience for customers.
The potential power of big data to revolutionise our daily lives, however, does come with a serious security downside. Although at times big data can be seen as a method to protect privacy, the increase of companies embedding big data in their operations and decision-making process is leading the failure of recognising the actual human element to data analytics.
Focusing on retail as a specific example, the security and ownership of data is possibly the biggest issue for this industry. Using any form of data in retail requires a business to outline its customers purchase journey and highlight anyone involved in the transition of customer data, such as advertising and manufacturing.
As technologies advance in this industry, data will present a huge challenge for everyone involved in the IoT – users, developers and businesses. It’s great to have a single customer view, whether they’re in-store, online or elsewhere in the journey to purchase. But working out who’s responsible for their details isn’t that easy, especially when you’re relying on third parties to deliver at least some of the experience.
Big data has proven itself to improve efficiencies, free up resources and reduce costs; however in 2017 we expect to see those organisations that fail to respect the human element of data analytics put themselves at huge risk. As soon as information is shared, organisations leave themselves wide open to overvaluing big data output.
This leads to poor integrity of huge amounts of information, often resulting in poor business decisions, missed opportunities, brand damage and lost profits. To thrive and ensure data is protected, companies must understand how the information is being used, who it's being shared with, who's adding to it and how it's potentially being manipulated.
Sacrificing security for the development of IoT
The Internet of Things promises to connect products across industries. However, a lack of robust security models is a major concern holding back the rapid growth experts predict. Wearable technologies and BYOD in the workplace have already seen an increase in demand, and we expect in 2017 for smartphones and other mobile devices to become a prime target for malicious attacks in IoT.
Developers more than ever are under intense pressure to deliver timely results to the mass market, leading to a sacrifice of security ultimately resulting in poor quality products that are more easily compromised by criminals. The vulnerabilities of IoT could undermine the entire ecosystem, destroying users’ privacy and putting organisations’ private data and IP at risk. This is a topic our Wipro Digital security experts have discussed in length during 2016.
Organisations should be prepared to embrace the increasingly complex IoT and understand what it means for them, alongside working together to clearly define the scope of risks IoT systems face, share data on vulnerabilities, define safety classes of devices and inform and educate consumers of the potential risks of using IoT systems.
This should help establish a robust security model for IoT, removing the bottleneck preventing the explosive growth that experts predicted – without putting users’ privacy at stake. With the rapid advancements of technology, it is inevitable to see a knock on effect to securing the multiple types of new hardware and software available on the market.
Cybercrime is an ever-increasing threat, but over the next 12 months with an increase in better resources and a broader depth of knowledge, we anticipate that issues will be dealt with more effectively and timely than ever.
Danny Ilic, global information security head at Wipro Digital
Image source: Shutterstock/deepadesigns